Grapgql query limitation

Product Feature Requests & Feedback
, ,
1

Hey i have an graphql api. Is it possible to limit a key to use api with specific value in the query? For example i have a query that retrives persons based on gender and age. Is it poaibble to to limit the key to use the query with prefixed value gender=male and if the key tries to ask for persons with gender=female then tyk will deny it

2

Hey @ilya_gorokhov! Welcome to Tyk community :slight_smile:

I’m afraid we don’t provide this sort of graph access control. We have field-based permissions but those will work on type/field level. What I understand you are after is a way to base permissions on enum values - in this case gender, right?

It’s an interesting concept. In your schema is gender an enum? How is it defined exactly?

The way field-based permissions currently work is they “look into” the schema and return to the admin a list of schema objects that can be allowed or restricted to access. Adding anything to that list would need an extension of what the backend is looking for in the schema.

Let me know. Interesting idea!

3

Thanks for the answer.
Well in my vision (i thought tyk provides it) - in graphql schema you define the query and the arguments the client can pass in his request.

type Query {
  rollDice(numDice: Int!, numSides: Int): [Int]
}

Tyk will give the option for the admin to create a key that limits the client to access only this query and in this query there is option to the admin to limit him with the values the client passes.
Argument-bases permissions - if its and enum the admin can choose the enums the client can use. if its an integer than the admin sets range of values, if its a string than the admin can allow strings based on “regex”, etc…
In practice when the client will send a request to tyk, tyk will check based on key rules if the request valid.
Graphql is served over http post requests, so if there is an option right now in tyk to modify or check post requests (modify header | body in rest api) i think there should be an option for that too.

I don’t know if there is a need for this… But this is my little idea :man_shrugging::sweat_smile:

Have a nice day :slight_smile:

2 Likes